It is vital that the Public and Private Sectors join together to support the development of cyber education initiatives.
This panel will examine the following issues: How can we develop the next generation of cyber security leaders and more broadly, a diverse workforce with skills necessary to effectively and safely participate in a rapidly changing digital world? How can the public and private sectors work together to develop a range of learning platforms to serve the mainstream student population, develop new leaders in cyber security, and foster comprehension among all young people of the risks posed by the cyber domain?

Panelists:

In cyberspace, nobody fights alone. Governments, agencies, industry -- even individuals -- all find themselves reliant upon others to ensure their interests are defended against a rogue’s gallery of threat actors and across a full spectrum of operations. All of us, even the military (which prides itself on its inherent ability to build to mil-spec), need commercial connectivity somewhere in the architecture. From a national defense perspective, the military force with the most and biggest guns, the hardiest fleets, and the most maneuverable aircraft, has been for decades considered the one best able to deter aggression from its adversaries. No more. The more technologically advanced Goliath is, the more opportunities there are for the Davids of the world. Even more paradoxical, the more friends you have, the more vulnerabilities you share. This panel, comprised of professionals who are tackling the daunting task of defending alliances and partners, will explore the unique challenges and developing strategies of "team ball" in cyberspace. The game, you will learn, is toughest in the opening rounds, well before the first kinetic shots are fired.

Presenters:

The United States’ national security depends on a secure, reliable and resilient cyberspace. The inclusion of digital systems into every aspect of US national security has been underway since World War II and has increased with the proliferation of Internet-enabled devices. Recent attacks against the critical infrastructures of the US and its allies, including water management systems in New York state, electrical production facilities in Ukraine, the DNS system in the US Northeast, and many more, have highlighted the persistent challenges faced by the US and its allies. There is an increasing need to develop a robust deterrence framework within which the US and its allies can dissuade would-be adversaries from engaging in various cyber activities. Yet despite a desire to deter adversaries, the problems associated with dissuasion remain complex, multifaceted, poorly understood and imprecisely specified. Challenges including credibility, attribution, escalation and conflict management, to name but a few, remain ever present and challenge the US in its efforts to foster security in cyberspace. These challenges need to be addressed in a deliberate and multidisciplinary approach that combines political and technical realities to provide a robust set of policy options to decision makers. This panel examines the problem of cyber deterrence from a variety of different technical, policy and international relations perspectives.

Moderators:

Panelists:

We would all like cybersecurity problems to disappear, but a solution is not imminent. In the meantime, nations are racing ahead with digital government, smart cities, and other initiatives that seek efficiency but also increase vulnerability, all while receiving failing grades on cybersecurity report cards. The private sector is not much better off. Some companies are aggressively preparing robust defenses, but these are rare. Others are covering only the basics suggested by the NIST Cybersecurity or CIS Top 20 frameworks, which are widely recognized as only 80% solutions. Many others lack either the motivation or the resources to reach a defensible cybersecurity baseline. Business as usual is clearly not the right answer. In this target-rich environment, attackers are having a field day, compromising systems for both short-term gain and long-term effect. Today’s risky state of affairs raises the questions: Are defenders lacking a sense of urgency? What can and should be done to create viable defenses now, before more debilitating attacks occur in the future? What can we do to rally support within the government, the military, and in the private sector at a more rapid pace? This fast-paced panel brings together a diverse spectrum of experts to outline and challenge today’s status quo, analyze underlying root causes, and suggest viable solutions. Bring your hard questions on the best way ahead to ask during Q&A.

Keynote Speaker:

In this panel, we examine sovereignty during the competition phase of conflict from a (jus ad bellum) legal perspective. In light of compelling recent debates and the UK Attorney General’s May 2018 speech regarding Cyber and International Law in the 21st Century, is sovereignty a primary rule of international law or merely a guiding principle from which a state may derogate when absolutely necessary to conduct cyber activities? The answers to this and several more questions on this panel will help to meaningfully shape the future of cyber conflict.

Moderators:

Panelists:

Led by the Army Cyber Institute at West Point, in partnership with AECOM as the private sector lead and the City of Houston, Jack Voltaic 2.0 was an innovative, bottom-up, public-private exercise designed to develop a municipal-level response framework and integrate local, state, and federal assets. By simulating a complex physical and cyberattack that impacts multiple critical infrastructure sectors, Jack Voltaic 2.0 assessed the city’s response capability, communication between public and private partners, integration of National Guard cyber capabilities, and the Army’s coordination with regional and state authorities. The panel will discuss lessons learned from the Jack Voltaic 2.0 exercise.

This panel will explore how the government and the private sector engage in the process of taking down botnets and how we can improve this public-private partnership. While a majority of these operations have led to successful public safety outcomes, the lack of a more formalized, efficient process that can address a full range of botnet activity and the potential downstream harms that can occur during the takedown process presents concerns for all parties involved. Moreover, interests of corporate parties and the government may not always be aligned in these malware interventions. These differences could, at times, give rise to conflict over the best and most efficient method or path to addressing both the criminal conduct of “bot herders” and the public safety and information security harms that can metastasize when botnets are not disrupted. This panel will draw on the expertise of high-level practitioners in the public and private sector who are at the helm of these botnet takedown efforts, along with academics who are studying how to improve the botnet takedown process for the good of all.

Presenters:

From an international perspective, this panel will explore the issues that amplify and dampen our underlying stability in cyberspace. These include such topics as escalation, resilience, signaling, norms, deterrence, strategies, and policies.

Machine learning capabilities have recently been shown to offer an astounding ability to automatically analyze and classify large amounts of data in complex scenarios, in many cases matching or surpassing human capabilities. However, it has also been widely shown that these same algorithms are vulnerable to attacks, known as adversarial learning attacks, which can cause the algorithms to misbehave or reveal information about their inner workings. In general, attacks take three forms: 1) data poisoning attacks inject incorrectly or maliciously labeled data points into the training set so that the algorithm learns the wrong mapping, 2) evasion attacks perturb correctly classified input samples just enough to cause errors in classification, and 3) inference attacks repeatedly test the trained algorithm with edge-case inputs in order to reveal the previously hidden decision boundaries. Protections against adversarial learning attacks include techniques which cleanse training sets of outliers in order to thwart data poisoning attempts, and methods which sacrifice up-front algorithm performance in order to be robust to evasion attacks. As machine learning based artificial intelligence (AI) capabilities become incorporated into facets of everyday life, including protecting cyber assets, the need to understand adversarial learning and address it becomes clear. Poisoning attacks that inject incorrectly labeled malicious traffic or data can be leveraged by the adversary to enable their attacks to go undetected, while data evasion attacks can be used to cause false classification of benign traffic as malicious, thereby eliciting a defense response. If AI is to succeed in helping cyber security, it must be secure and robust to attacks itself.
Understanding and addressing challenges associated with adversarial learning requires collaboration between several different research and development communities, including the artificial intelligence, cyber security, game theory, machine learning, as well as the formal reasoning communities. This panel examines the challenge that adversarial learning presents with regards to applying AI to problems in cyber security.
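The outlier-cleansing defense mentioned in this abstract can be shown on a toy detector. The following is an added example, not material from the conference or its panelists; the feature values, the k-nearest-neighbour classifier and the median-plus-MAD rule are all assumptions chosen for illustration.

```python
import math
import statistics
from collections import Counter

# Constructed 2-D feature vectors (e.g. two normalised traffic statistics).
CLEAN = [((1, 1), "benign"), ((2, 1), "benign"), ((1, 2), "benign"),
         ((2, 2), "benign"), ((1.5, 1.5), "benign"), ((1, 1.5), "benign"),
         ((2, 1.5), "benign"), ((1.5, 1), "benign"),
         ((8, 8), "malicious"), ((9, 8), "malicious"),
         ((8, 9), "malicious"), ((9, 9), "malicious")]
# Constructed poison: malicious-looking points carrying a "benign" label.
POISON = [((8.4, 8.5), "benign"), ((8.5, 8.6), "benign"),
          ((8.6, 8.5), "benign")]
PROBE = (8.5, 8.5)  # truly malicious sample the detector should flag


def knn_predict(train, x, k=3):
    """Majority label among the k training points nearest to x."""
    nearest = sorted(train, key=lambda row: math.dist(row[0], x))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]


def sanitize(train, k=3.0):
    """Per class, drop points far from the class median (median + k*MAD)."""
    kept, dropped = [], []
    for label in {lbl for _, lbl in train}:
        rows = [r for r in train if r[1] == label]
        centre = tuple(statistics.median(p[i] for p, _ in rows)
                       for i in range(2))
        dists = [math.dist(p, centre) for p, _ in rows]
        med = statistics.median(dists)
        mad = statistics.median(abs(d - med) for d in dists)
        limit = med + k * max(mad, 1e-9)  # floor avoids a zero-width band
        for row, d in zip(rows, dists):
            (kept if d <= limit else dropped).append(row)
    return kept, dropped


if __name__ == "__main__":
    poisoned = CLEAN + POISON
    print("poisoned model :", knn_predict(poisoned, PROBE))
    kept, dropped = sanitize(poisoned)
    print("dropped points :", dropped)
    print("sanitized model:", knn_predict(kept, PROBE))
```

The rule only works while poisoned points remain a minority of their claimed class and sit away from its bulk; poison placed inside the benign cluster would pass this filter.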

Keynote Speaker:

Moderators:

CyCon U.S. is jointly organized by the Army Cyber Institute at the United States Military Academy and the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.

Disclaimer: The views expressed by authors and speakers presenting at the conference are not those of the United States Military Academy, the Department of the Army, or any other agency of the U.S. Government.